Reddit Write

Security checks across malware telemetry and agentic risk

Overview

This skill is a local Reddit drafting helper, but it explicitly tells the agent to imitate Luka and avoid being flagged as AI-written.

Install only if Luka has authorized this workflow and you are comfortable with AI-assisted Reddit drafts in his voice. Before use, remove the AI-detection-evasion instruction, keep manual review mandatory, and verify subreddit rules and affiliation disclosure before any QuantWheel mention.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Intent-Code Divergence

High

Confidence: 99% confidence
Finding: The file explicitly instructs the agent to study the style reference before every draft and to write so accurately in Luka's voice that posts cannot be flagged as AI-written. That goes beyond benign tone guidance and becomes deliberate impersonation and evasion of AI-detection safeguards, which can facilitate deceptive or fraudulent content generation.

Natural-Language Policy Violations

High

Confidence: 99% confidence
Finding: The statement that the agent's job is to produce text that cannot be flagged as AI-written is an explicit request to bypass detection and create deceptive output. In context, this is more dangerous because the rest of the document provides detailed fingerprinting, examples, and formatting rules that operationalize the evasion goal into a repeatable impersonation playbook.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal